[Winpcap-users] Soap Message Filter How?

David Chang dchang at fsautomation.com
Wed Jul 8 17:26:51 PDT 2009


There's a bunch of steps that you need to go through to extract soap 
messages. Do you need help conceptually with how to do that? Or, do you 
have a specific question about how to read a .pcap file (with all the 
raw packet info in it)? If it's a specific question about how to read a 
.pcap file, I can send you some code for that.

There's no magic filter that you can specify to get only soap/xml packet 
from a .pcap file. You have to read each raw packet and decode the TCP 
header and figure out which host IP address and port (80 for http) this 
packet is from/to. Then you have to get the payload out and check the 
application header to see if this is a soap/xml packet. Lastly, you may 
have to re-sequence the packets (packet order) using the TCP seqnum and 
concatenate packets (one soap message may require multiple packets). You 
can filter based on host, protocol, and port number (host 
tcp port 80) to limit the raw packet stream.


Park, Chong SuhX wrote:
> I am trying to build a window application ( using visual studio 2008) 
> to collect (extract) soap/xml message from pcap file. I read WinPcap 
> document and followed many function calls but didn’t find a filter or 
> example that does allow me to extract soap messages from .pcap file 
> using wpcap.lib
> Can anyone give me an advice on how I can achieve this kind of thing?
> Thank you in advance!
> - John
> ------------------------------------------------------------------------
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users

More information about the Winpcap-users mailing list